1. Technical Field
The present invention relates in general to methods and systems of improving data processing systems and in particular to methods and systems for controlling public access to a plurality of data objects stored within a data processing system. Still more particularly, the present invention relates to methods and systems for centrally controlling public access to a plurality of data objects stored within a data processing system.
2. Description of the Related Art
In modern data processing systems the control of access to various documents and applications within the system is well known. In highly controlled security systems, access to a particular data object may only be obtained after entering a selected password and/or complying with various security procedures which serve to certify that a particular user is indeed the user authorized to access that particular data object.
In more complicated data processing systems, access control may be further defined by selectively identifying not only a particular user but also the level of authority which that user may enjoy. For example, a particular user may be permitted to read a selected data object, but not permitted to modify that data object. Similarly, a user may be authorized to write data to a selected data object, but not permitted to read other portions of that object. Of course, those skilled in the art will appreciate that various other combinations of authority levels may be implemented with such a system.
In International Business Machines' Document Interchange Architecture, access to various data objects stored within a data processing system is controlled by an access control profile known as the Access Control Model Object (ACMO). The ACMO serves as a repository for access control information about an associated document and includes: the identity of the document owner; the identity of any users to whom some form of access authority has been granted; the duration for which the document must be retained within the system; and the security level requested for the document.
Access control to a selected document is specified within the ACMO utilizing one of several authorization parameters. An explicit authorization parameter is utilized to list the specific identity of a particular user and the authorization level of that user. A shared authorization parameter is utilized to list the identity of a shared authorization list, which contains the identities of multiple users and the authorization level of each user, for a group of data objects. Finally, a public authorization parameter is utilized to set forth the authorization level of any user not specifically set forth within the ACMO.
While the aforementioned system provides an excellent method of controlling access to selected data objects stored within a data processing system, it does not provide a method whereby a user may effectively control unspecified or "public" access to a group of data objects. For example, a user may wish to grant public access at an identical authorization level with regard to a large number of data objects. Under existing architectures a user must access each data object individually and thereafter alter the content of the public authorization parameter within each data object. It should therefore be apparent that a need exists for a method and system whereby public access to a plurality of data objects may be centrally controlled.
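The following sketch is an added illustration, not code from the original document or from the Document Interchange Architecture. It models the three authorization parameters described above and shows why per-object public authorization is hard to manage: an audit or change of public access has to visit every profile. The field names, the level names, and the lookup order (explicit, then shared list, then public) are assumptions, and the sample store is constructed.

```python
from dataclasses import dataclass, field

NONE, READ, WRITE = "none", "read", "write"  # hypothetical level names

@dataclass
class ACMO:
    """Illustrative per-document profile; field names are assumptions."""
    owner: str
    explicit: dict = field(default_factory=dict)      # user id -> level
    shared_lists: list = field(default_factory=list)  # names of shared lists
    public: str = NONE                                # level for unlisted users

def resolve(acmo, user, shared):
    """Return (level, source). Assumed order: explicit, shared list, public."""
    if user in acmo.explicit:
        return acmo.explicit[user], "explicit"
    for name in acmo.shared_lists:
        if user in shared.get(name, {}):
            return shared[name][user], "shared:" + name
    # Any user not set forth in the profile gets the public level.
    return acmo.public, "public"

def audit_public(store, expected):
    """List documents whose public level differs from the intended one."""
    return sorted(doc for doc, a in store.items() if a.public != expected)

def set_public_everywhere(store, level):
    """The per-object update described above: each profile is edited in turn."""
    touched = 0
    for acmo in store.values():
        if acmo.public != level:
            acmo.public = level
            touched += 1
    return touched

# Constructed sample data: one shared authorization list and three documents.
SHARED = {"dept-a": {"bob": READ, "carol": WRITE}}

def sample_store():
    return {
        "doc1": ACMO("alice", {"alice": WRITE}, ["dept-a"], READ),
        "doc2": ACMO("alice", {"alice": WRITE, "bob": WRITE}, ["dept-a"], NONE),
        "doc3": ACMO("carol", {"carol": WRITE}, [], READ),
    }

if __name__ == "__main__":
    store = sample_store()
    print("public access before:", audit_public(store, NONE))
    print("profiles edited:", set_public_everywhere(store, NONE))
    print("unlisted user on doc1:", resolve(store["doc1"], "guest", SHARED))
```

With public access stored in each profile, the cost of a policy change and the chance of a missed document both grow with the number of data objects.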